FIX: Unchecked Buffer May Occur When You Connect to Remote Data Source

Article translations Article translations
Article ID: 317979 - View products that this article applies to.
This article was previously published under Q317979
This article discusses a security or privacy issue that may affect the operation of your computer. The information in this article is provided "as-is" without warranty of any kind. The workaround or hotfix that is described in this article addresses the issue as it is currently understood, but may not protect against any undiscovered variants of this issue. Microsoft recommends that you apply this cumulative patch or implement the workarounds if one is provided.
BUG #: 102359 (SQLBUG_70)
BUG #: 356666 (SHILOH_BUGS)
Expand all | Collapse all

On This Page

SYMPTOMS

When you submit a query to a remote data source and the query contains a string longer than what is expected, the buffer could be overwritten. If you submit a query that has a string longer than expected, the query may cause a handled exception of this SQL Server thread, or may allow an attacker to run arbitrary code under the security context in which the SQL Server service is running.

RESOLUTION

SQL Server 2000

To resolve this problem in SQL Server 2000, use these steps:
  1. Obtain and install SQL Server 2000 Service Pack 2.

    For information on how to obtain SQL Server 2000 Service Pack 2, see the following article in the Microsoft Knowledge Base:
    290211 INF: How to Obtain the Latest SQL Server 2000 Service Pack
  2. Apply the hotfix.

    The English version of this fix should have the following file attributes or later:
       Date          Time         Version       Size        File name
       -----------------------------------------------------------------
    
       2/12/2002     11:28 PM     8.00.0578     7269 KB     Sqlservr.exe
    
    						
    NOTE: Due to file dependencies, the most recent hotfix or feature that contains the preceding files may also contain additional files.
    To download the hotfix for SQL Server 2000, see the following article in the Microsoft Knowledge Base:
    316333 INF: SQL Server 2000 Security Update for Service Pack 2

SQL Server 7.0

To resolve this problem, obtain the latest service pack for Microsoft SQL Server 7.0. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
301511 INF: How to Obtain the Latest SQL Server 7.0 Service Pack
NOTE: The following hotfix was created prior to Microsoft SQL Server 7.0 Service Pack 4.

Hotfix: To resolve this problem in SQL Server 7.0, follow these steps:
  1. Obtain SQL Server 7.0 Service Pack 3. For information about how to obtain SQL Server 7.0 Service Pack 3, see the following article in the Microsoft Knowledge Base:

    274799 INF: How to Obtain Service Pack 3 for Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0
  2. Apply the appropriate hotfix for your platform.

    Intel

    The English version of this fix for the Intel platform should have the following file attributes or later:
       Date          Time        Version          Size        File name
       ---------------------------------------------------------------------
    
       2/18/2002     4:19 PM     7.00.1021.02     4937 KB     Sqlservr.exe
         
    						
    NOTE: Because of file dependencies, the most recent hotfix or feature that contains the preceding files may also contain additional files.


    Alpha

    The English version of this fix for the Alpha platform should have the following file attributes or later:
       Date          Time        Version          Size        File name
       ---------------------------------------------------------------------
    
       2/18/2002     4:19 PM     7.00.1021.02     11385 KB     Sqlservr.exe
      
    						
    NOTE: Due to file dependencies, the most recent hotfix or feature that contains the preceding files may also contain additional files.


    To download the hotfix for SQL Server 7.0 (for either platform), see the following article in the Microsoft Knowledge Base:
    318268 INF: SQL Server 7.0 Security Update for Service Pack 3

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

SQL Server 7.0
This problem was first corrected in Microsoft SQL Server 7.0 Service Pack 4.

Properties

Article ID: 317979 - Last Review: September 27, 2005 - Revision: 3.2
APPLIES TO
  • Microsoft SQL Server 2000 Standard Edition
  • Microsoft SQL Server 7.0 Standard Edition
Keywords: 
kbhotfixserver kbqfe kbbug kbfix kbsqlserv700presp4fix KB317979

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com